Thursday, 7 July 2011

NFS -- Provide network shares suitable for group collaboration

At first, I thought that this was in essence the same objective as "Create and configure set-GID directories for collaboration", where the folder that you set up is also shared and writeable by everybody, i.e. chmod 4777, but I'm not sure that this is actually the case, as you are depending on the user's umask to set the right permissions for the files created; in other words, you need to make the files world writeable.

An alternative is to set the uid and gid of the anonymous user so that they match the owner of the share, but this is also the same as making it world writable, just a little bit more elegantly, and you still need to set up the directory for collaboration on the NFS server, if that is indeed required. In a similar vein, you can change the shared directory's ownership to nfsnobody.

It is worth bearing in mind that NFS works using uids and gids, so that if you set the gid (or the uid) to 514 and the client does not have a group with gid 514, it won't know who to match, so you will get permissions errors. More intriguingly, if you set an anonymous id (either anonuid or anongid) on the share (e.g. home/col *(rw,sync,anongid=514)) and create a file with a user that has uid=gid=501 and has 514 as a secondary group, the file will belong to the user with uid=501 on the server, which may or may not be the same user as on the client. In other words, this needs some sort of directory service to work properly, which to me sounds more complicated than the average objective, even for the RHCE exam.

Thus, in essence, in order for this to work properly you need to have both server and client be members of a domain, then set up group collaboration on a share where the group owner is a domain group, and finally simply export the share, which all seems way beyond the average objective, as I said above.
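
An added example (not from the original post) that models the behaviour described above: how a server that trusts numeric client ids applies an export's squash options, and how server and client then resolve the stored ids against their own account files. The account tables and the names alice, bob and collab are constructed; 65534 is assumed as the anonymous id, the default documented in exports(5).

```python
from dataclasses import dataclass

NFSNOBODY = 65534  # assumed default anonuid/anongid, per exports(5)


@dataclass
class Export:
    root_squash: bool = True   # default: only uid 0 is mapped to the anonymous id
    all_squash: bool = False   # default: ordinary users keep their numeric ids
    anonuid: int = NFSNOBODY
    anongid: int = NFSNOBODY


def parse_options(opts):
    """Parse the option list of an exports entry, e.g. 'rw,sync,anongid=514'."""
    exp = Export()
    for opt in opts.split(","):
        key, _, val = opt.strip().partition("=")
        if key in ("anonuid", "anongid"):
            setattr(exp, key, int(val))
        elif key in ("root_squash", "all_squash"):
            setattr(exp, key, True)
        elif key in ("no_root_squash", "no_all_squash"):
            setattr(exp, key[3:], False)
    return exp  # options such as rw and sync do not affect id mapping


def server_owner(exp, uid, gid, setgid_dir=None):
    """(uid, gid) stored on the server for a file the client user creates.
    setgid_dir is the group of a set-GID parent directory, if there is one."""
    if exp.all_squash or (exp.root_squash and uid == 0):
        uid, gid = exp.anonuid, exp.anongid
    return uid, (gid if setgid_dir is None else setgid_dir)


def resolve(names, ident):
    """Each host looks ids up in its own files; unknown ids stay numeric."""
    return names.get(ident, str(ident))


# Constructed account data: the hosts disagree about uid 501, client lacks gid 514.
SERVER_USERS = {0: "root", 501: "alice"}
CLIENT_USERS = {0: "root", 501: "bob"}
SERVER_GROUPS = {501: "alice", 514: "collab"}
CLIENT_GROUPS = {501: "bob"}
```

With the export options from the post, `server_owner(parse_options("rw,sync,anongid=514"), 501, 501)` stays at uid 501, which the server resolves to alice and the client to bob; anongid only takes effect for squashed requests.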

I've been meaning for a while to write a post about setting OpenLDAP up, so once this is done, I will update this post.

1 comment:

  1. I would agree that this exam objective is unclear. It is confusing if server and client have their own UID and GID. A shared folder set up for collaboration by the NFS server will work fine locally, but from the client's point of view, they're logged in as nobody:nobody if the NFS export option has anonuid and anongid set.